7.8

CVE-2007-2294

The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AsteriskAsterisk Version1.2.0_beta1
AsteriskAsterisk Version1.2.0_beta2
AsteriskAsterisk Version1.2.5
AsteriskAsterisk Version1.2.6
AsteriskAsterisk Version1.2.7
AsteriskAsterisk Version1.2.8
AsteriskAsterisk Version1.2.9
AsteriskAsterisk Version1.2.10
AsteriskAsterisk Version1.2.11
AsteriskAsterisk Version1.2.12
AsteriskAsterisk Version1.2.13
AsteriskAsterisk Version1.2.14
AsteriskAsterisk Version1.2.15
AsteriskAsterisk Version1.2.16
AsteriskAsterisk Version1.2.17
AsteriskAsterisk Version1.4.1
AsteriskAsterisk Version1.4.2
AsteriskAsterisk Version1.4_beta
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.86% 0.888
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/25582
http://www.debian.org/security/2007/dsa-1358
http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
http://secunia.com/advisories/24977
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2007/1534
http://securityreason.com/securityalert/2646
http://www.asterisk.org/files/ASA-2007-012.pdf
http://www.osvdb.org/35369
http://www.securityfocus.com/archive/1/466911/100/0/threaded
http://www.securityfocus.com/bid/23649
http://www.securitytracker.com/id?1017955
https://exchange.xforce.ibmcloud.com/vulnerabilities/33886